From: Casey Bodley <cbodley@redhat.com>
Date: Mon, 25 Nov 2024 18:07:46 +0000 (-0500)
Subject: radosgw-admin: 'user create' rejects uids matching the account id format
X-Git-Tag: v19.2.3~275^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c16dc7ed8c2224ea72ede3bff10bdf2ca7810828;p=ceph.git

radosgw-admin: 'user create' rejects uids matching the account id format

`parse_owner()` relies on `rgw::account::validate_id()` to disambiguate
between user ids and account ids. reject attempts to create a user with
an ambiguous user id

Fixes: https://tracker.ceph.com/issues/69043

Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 5378cfe3c5bf5953b53beee42975d045759238b1)
---

diff --git a/src/rgw/driver/rados/rgw_user.cc b/src/rgw/driver/rados/rgw_user.cc
index 5fe57c65147..d37990dc5f3 100644
--- a/src/rgw/driver/rados/rgw_user.cc
+++ b/src/rgw/driver/rados/rgw_user.cc
@@ -1749,7 +1749,11 @@ int RGWUser::execute_add(const DoutPrefixProvider *dpp, RGWUserAdminOpState& op_
   user_info.display_name = display_name;
   user_info.type = TYPE_RGW;
 
-  // tenant must not look like a valid account id
+  // user/tenant must not look like a valid account id
+  if (rgw::account::validate_id(uid.id)) {
+    set_err_msg(err_msg, "uid must not be formatted as an account id");
+    return -EINVAL;
+  }
   if (rgw::account::validate_id(uid.tenant)) {
     set_err_msg(err_msg, "tenant must not be formatted as an account id");
     return -EINVAL;